Configuring A Mac Authentication Critical Vsi; Configuration Restrictions And Guidelines; Configuration Prerequisites; Configuration Procedure - HPE FlexNetwork 10500 Series Security Configuration Manual

Step
4. (Optional.) Set the
authentication interval
for users in the MAC
authentication guest
VSI.

Configuring a MAC authentication critical VSI

Configuration restrictions and guidelines

When you configure the MAC authentication critical VSI on a port, follow these restrictions and
guidelines:
•
The MAC authentication critical VSI feature has higher priority than the quiet feature of MAC
authentication. When a user fails MAC authentication, the user can access the resources in the
critical VSI. The user's MAC address is not marked as a silent MAC address.
•
You can configure only one MAC authentication critical VSI on a port. The MAC authentication
critical VSIs on different ports can be different.

Configuration prerequisites

Before you configure the MAC authentication critical VSI on a port, complete the following tasks:
•
Enable L2VPN.
•
Create the VSI to be specified as the MAC authentication critical VSI, and create a VXLAN for
the VSI.
•
Enable MAC-based traffic match mode for dynamic ACs on the port.
For more information, see VXLAN Configuration Guide.

Configuration procedure

To configure the MAC authentication critical VSI on a port:
Step
1. Enter system view.
2. Enter interface view.
3. Specify the MAC
authentication critical
VSI on the port.

Configuring periodic MAC reauthentication

Overview

Periodic MAC reauthentication reauthenticates online MAC authentication users at a
user-configurable reauthentication interval. The reauthentication feature tracks the connection
Command
mac-authentication
guest-vsi auth-period
period-value
Command
system-view
interface interface-type
interface-number
mac-authentication critical vsi
critical-vsi-name
153
Remarks
The default setting is 30 seconds.
Remarks
N/A
N/A
By default, no MAC authentication
critical VSI exists.